Pagina 1 di 1

servizio centro sicurezza pc windows disabilitato

MessaggioInviato: mar apr 12, 2011 6:37 pm
da manero478
oggi mi e' apparsa questa cosa:
IMPOSSIBILE AVVIARE IL SERVIZIO CENTRO SICUREZZA PC WINDOWS...

Cosi sono andato nei sevizi, e la parte estesa mi dava errore dovuto a degli ativx non funzionanti,
comunque nella parte standard si vedeva che era di fatto DISABILITATO...

l'ho rimesso AUTOMATICO ho salvato e avviato...
Sembrava andare tutto bene.. ma riappare il messaggio che il servizio non e' avviato..
vedendo nei servizi .. a prima vista sembra avviato in automatico..
ma se si va' nelle proprieta' si vede che e' disabilitato--..

ho lanciato il tdsskiller.exe di kaspersky non ha trovato nulla...
poi Malwarebytes su c:\ e ha trovato delle infezioni anche nel registo...

ho riaperto services.msc..
e stavolta si vedeva anche la parte estesa...
ma lanciando il servizio del centro sicurezza e anche se sembra partire e non dando nessun errore
comunque RIMANE DISABILITATO...

che faccio?...

grazie

Re: servizio centro sicurezza pc windows disabilitato

MessaggioInviato: mar apr 12, 2011 7:20 pm
da manero478
Nel frattempo ho fatto una scansione con EliBagla 14.14

questo e' il log:

(12-4-2011 17:40:28 (GMT))
EliBagle v14.15 (c)2010 S.G.H. / Satinfo S.L. (Actualizado el 14 de Febrero del 2011)
----------------------------------------------
Lista de Acciones (por Acción Directa):

(12-4-2011 17:42:41 (GMT))
EliBagle v14.15 (c)2010 S.G.H. / Satinfo S.L. (Actualizado el 14 de Febrero del 2011)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Nº Total de Directorios: 242
Nº Total de Ficheros: 3334
Nº de Ficheros Analizados: 192
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Exploración Detenida por el Usuario.

(12-4-2011 18:03:30 (GMT))
EliBagle v14.15 (c)2010 S.G.H. / Satinfo S.L. (Actualizado el 14 de Febrero del 2011)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"
SLMGR.VBS -> BagleSLMGR.VBS -> Bagle
Nº Total de Directorios: 19580
Nº Total de Ficheros: 127085
Nº de Ficheros Analizados: 21644
Nº de Ficheros Infectados: 2
Nº de Ficheros Limpiados: 2


pur avendo trovato e pulito.. il servizio si comporta nello stesso modo..
NON VA'..

Re: servizio centro sicurezza pc windows disabilitato

MessaggioInviato: mer apr 13, 2011 8:43 am
da hashcat
Prova a ripristinarlo con Analyze Restore Center cliccando su ripristino e al termine della procedura riavviando il computer.

Re: servizio centro sicurezza pc windows disabilitato

MessaggioInviato: mer apr 13, 2011 11:57 pm
da manero478
allora hascat...

ho scaricato ed eseguito ARC..
lanciato apre una finestra dos con scritto "in attesa di risposta da registro.."
e si apre il registro...
non sapendo che fare ho aspettato... visto che non succedeva nulla ho chiuso il registro...
a quel punto mi ha detto " ripristino servizi effettuato.. adesso rifunzioneranno tutti"
ho fatto ripartire il il pc come richiesto...
e sembrava che tutto avesse funzionato.. per un po' la bandierina bianca con la crocetta era sparita..
...
ma dopo qualche minuto e' riapparsa con i 2 prob... sia il servizio centro sicurezza sia windows update...
ma stavolta l'errore era diverso... non piu' 80072EFE ma 80070005
e al contrario del primo che sembra a detta di microsoft .. che potrebbero essere problemi al server...
l'80070005 .. ho letto che potrebbe essere che non ho i diritti di amministratore...
ho controllato e questi diritti li ho visto che la macchina l'ho installata io e senza password...
l'amministratore c'e' ma abbiamo gli stessi diritti e facciamo parte dello stesso gruppo...
l'unica cosa diversa che ha e che sulle proprieta dove sta che la password non scade mai..
ha anche selezionata la casella "account disabilitato"
...
a sto punto ho rilanciato ARC.. e visto che c'era il controllo del file HOST l'ho lanciato, nel controllo mi diceva che era stato manipolato e se volevo ripristinarlo.. HO DAT SI (1)... mi rispondeva che non poteva farlo perche forse non avevo i diritti...
cosi sono andato sul windows/system32/driver/etc e ho trovato l'HOST...
era di circa 432 kb e vi erano anche 3 backup con la stessa grandezza ed uno con 1 kb... ho fatto l'edit dei file..
ti posto il contenuto : HO CANCELLATE MOLTE RIGHE PERCHE QUI NON LE ACCETTAVA TUTTE..

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1 http://www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 http://www.008k.com
127.0.0.1 008k.com
127.0.0.1 http://www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 http://www.032439.com
127.0.0.1 032439.com
127.0.0.1 http://www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 http://www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 http://www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 http://www.100888290cs.com
127.0.0.1 http://www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 http://www.10sek.com
127.0.0.1 http://www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 http://www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 http://www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 http://www.123moviedownload.com
127.0.0.1 123simsen.com
127.0.0.1 http://www.123simsen.com
127.0.0.1 123topsearch.com
127.0.0.1 http://www.123topsearch.com
127.0.0.1 125sms.co.uk
127.0.0.1 http://www.125sms.co.uk
127.0.0.1 125sms.com
127.0.0.1 http://www.125sms.com
127.0.0.1 132.com
127.0.0.1 http://www.132.com
127.0.0.1 1337crew.info
127.0.0.1 http://www.1337crew.info
127.0.0.1 http://www.1337-crew.to
127.0.0.1 1337-crew.to
127.0.0.1 http://www.136136.net
127.0.0.1 136136.net
127.0.0.1 150freesms.de
127.0.0.1 http://www.150freesms.de
127.0.0.1 http://www.163ns.com
127.0.0.1 163ns.com
127.0.0.1 171203.com
127.0.0.1 17concepts.info
127.0.0.1 http://www.17concepts.info
127.0.0.1 17-plus.com
127.0.0.1 http://www.1800searchonline.com
127.0.0.1 1800searchonline.com
..........
127.0.0.1 http://www.1stpagehere.com
127.0.0.1 1stpagehere.com
127.0.0.1 http://www.1stsearchportal.com
127.0.0.1 1stsearchportal.com
127.0.0.1 2.82211.net
127.0.0.1 2006ooo.com
127.0.0.1 http://www.2006ooo.com
127.0.0.1 2007-download.com
127.0.0.1 http://www.2007-download.com
127.0.0.1 http://www.2008firefox.com
127.0.0.1 2008firefox.com
....................
127.0.0.1 http://www.3-2005-search.com
127.0.0.1 3-2005-search.com
127.0.0.1 http://www.321-gratis-sms.com
127.0.0.1 321-gratis-sms.com
127.0.0.1 http://www.3322.org
127.0.0.1 3322.org
127.0.0.1 http://www.365fporn.info
127.0.0.1 365fporn.info

............................................
127.0.0.1 6hporn.info
127.0.0.1 6o64cfcmkyt.tabletprescriptionshop.net
127.0.0.1 http://www.6plosex.info
127.0.0.1 6plosex.info
127.0.0.1 http://www.6sek.com
127.0.0.1 6sek.com
127.0.0.1 http://www.70-music.com
127.0.0.1 70-music.com
127.0.0.1 http://www.7322.com
127.0.0.1 7322.com
127.0.0.1 http://www.745970.com
127.0.0.1 745970.com
127.0.0.1 75tz.com
127.0.0.1 http://www.777bestcasino7.ru
127.0.0.1 777bestcasino7.ru
127.0.0.1 http://www.777casinoroyal.net
127.0.0.1 777casinoroyal.net
127.0.0.1 http://www.777casinozbest.net
127.0.0.1 777casinozbest.net
127.0.0.1 http://www.777gamecard.net
127.0.0.1 777gamecard.net
127.0.0.1 http://www.777jackpotgame.net
.....................................
127.0.0.1 http://www.absolutee.com
127.0.0.1 http://www.abvira.de
127.0.0.1 abvira.de
127.0.0.1 ac1.healthcare-ultimate.com
127.0.0.1 http://www.ac1.healthcare-ultimate.com
127.0.0.1 ac66.con
127.0.0.1 http://www.ac66.con
127.0.0.1 http://www.acaiporn.info
127.0.0.1 acaiporn.info
127.0.0.1 access.navinetwork.com
127.0.0.1 access.rapid-pass.net
127.0.0.1 http://www.accessactivexvideo.com
127.0.0.1 accessactivexvideo.com
127.0.0.1 accessclips.com
127.0.0.1 http://www.accessclips.com
127.0.0.1 access-dvd.com
127.0.0.1 http://www.access-dvd.com
127.0.0.1 accesskeygenerator.com
127.0.0.1 http://www.accesskeygenerator.com
127.0.0.1 accessthefuture.net
127.0.0.1 http://www.accessthefuture.net
127.0.0.1 accessvid.net
127.0.0.1 http://www.accessvid.net
.............................
127.0.0.1 adarmor.com
127.0.0.1 http://www.adarmor.com
127.0.0.1 http://www.adasearch.com
127.0.0.1 adasearch.com
127.0.0.1 adatoms.com
127.0.0.1 http://www.adatoms.com
127.0.0.1 adaware.cc
127.0.0.1 http://www.adawarenow.com
127.0.0.1 adawarenow.com
127.0.0.1 adchannel.contextplus.net
127.0.0.1 http://www.addetect.com
127.0.0.1 addetect.com
127.0.0.1 add-hhh.info
127.0.0.1 http://www.add-hhh.info
127.0.0.1 http://www.addictivetechnologies.com
127.0.0.1 addictivetechnologies.com
127.0.0.1 http://www.addictivetechnologies.net
127.0.0.1 addictivetechnologies.net
127.0.0.1 http://www.addioerrori.com
127.0.0.1 addioerrori.com
127.0.0.1 add-manager.com
127.0.0.1 http://www.add-manager.com
127.0.0.1 http://www.addresswebsearch.com
127.0.0.1 addresswebsearch.com
127.0.0.1 http://www.addstand.ru
.....................................
127.0.0.1 adult777search.info
127.0.0.1 adultan.com
127.0.0.1 http://www.adultan.com
127.0.0.1 http://www.adultcodec-2008.com
127.0.0.1 adultcodec-2008.com
127.0.0.1 adultcodecstars.com
127.0.0.1 http://www.adultcodecstars.com
127.0.0.1 http://www.adult-engine-search.com
127.0.0.1 adult-engine-search.com
127.0.0.1 http://www.adult-erotic-guide.net
127.0.0.1 adult-erotic-guide.net
127.0.0.1 adultfilmsite.com
127.0.0.1 http://www.adultfilmsite.com
127.0.0.1 adult-friends-finder.net
127.0.0.1 http://www.adult-friends-finder.net
127.0.0.1 adultgambling.org
127.0.0.1 adult-host.org
127.0.0.1 http://www.adulthyperlinks.com
127.0.0.1 adulthyperlinks.com
127.0.0.1 http://www.adultmovieplus.com
127.0.0.1 adultmovieplus.com
127.0.0.1 adult-mpg.net
127.0.0.1 http://www.adult-mpg.net
127.0.0.1 adult-personal.us
127.0.0.1 adultsgames.net
..................
127.0.0.1 ccecaedbebfcaf.com
127.0.0.1 cclebali.org
127.0.0.1 http://www.ccorriere.it
127.0.0.1 ccorriere.it
127.0.0.1 http://www.cdcopysite.com
127.0.0.1 cdcopysite.com
127.0.0.1 http://www.cdegate.com
127.0.0.1 cdegate.com
127.0.0.1 cdn.drivecleaner.com
127.0.0.1 cdn.errorsafe.com
127.0.0.1 cdn.movies-etc.com
127.0.0.1 cdn.winsoftware.com
127.0.0.1 cdn2.movies-etc.com
127.0.0.1 http://www.cdorriere.it
127.0.0.1 cdorriere.it
127.0.0.1 http://www.ceculedim.con
127.0.0.1 ceculedim.con
127.0.0.1 ceewawires.org
127.0.0.1 http://www.cefjedhoha.com
...............................
127.0.0.1 http://www.dirtydirtylaundry.com
127.0.0.1 dirtydirtylaundry.com
127.0.0.1 http://www.discount-canadian.com
127.0.0.1 discount-canadian.com
127.0.0.1 http://www.discount-cialiss.com
127.0.0.1 discount-cialiss.com
127.0.0.1 http://www.discountmedstablets.com
127.0.0.1 discountmedstablets.com
127.0.0.1 http://www.discountpills.com.con
127.0.0.1 discountpills.com.con
127.0.0.1 http://www.discountviagra4you.com
127.0.0.1 discountviagra4you.com
127.0.0.1 http://www.diseqhw.con
127.0.0.1 diseqhw.con
127.0.0.1 http://www.diskretter.com
127.0.0.1 diskretter.com
127.0.0.1 dist.checkin100.com
127.0.0.1 http://www.divinmf.con
127.0.0.1 divinmf.con
127.0.0.1 dl.ad-ware.cc
127.0.0.1 dl.malwarewipe.com
127.0.0.1 dl.mcboo.com
127.0.0.1 http://www.dl.targetsaver.com
127.0.0.1 dl.targetsaver.com
127.0.0.1 dl.web-nexus.net
..........................
127.0.0.1 fartpost.com
127.0.0.1 fastantimalwarescanner.com
127.0.0.1 http://www.fastantimalwarescanner.com
127.0.0.1 fast-antimalware-scannerv2.com
127.0.0.1 http://www.fast-antimalware-scannerv2.com
127.0.0.1 fastfreedownload.com
127.0.0.1 http://www.fastgamedownload.com
127.0.0.1 fastgamedownload.com
127.0.0.1 http://www.fastmediaservice.com
127.0.0.1 fastmediaservice.com
127.0.0.1 http://www.fastmetasearch.com
127.0.0.1 fastmetasearch.com
............................
127.0.0.1 fishhope.com
127.0.0.1 fitness-free.com
127.0.0.1 http://www.fivechat.com
127.0.0.1 fivechat.com
127.0.0.1 http://www.fivechat.net
127.0.0.1 fivechat.net
127.0.0.1 http://www.fiveheld.com
127.0.0.1 fiveheld.com
127.0.0.1 http://www.fiwebdd.con
127.0.0.1 fiwebdd.con
127.0.0.1 http://www.fix-downloaden.com
127.0.0.1 fix-downloaden.com
127.0.0.1 http://www.fixerantispy.com
127.0.0.1 fixerantispy.com
127.0.0.1 http://www.fiyultd.con
127.0.0.1 fiyultd.con
127.0.0.1 http://www.fjsynebcod.com
127.0.0.1 fjsynebcod.com
127.0.0.1 fla.vwdqwnmwk.con
127.0.0.1 flashdollars.com
127.0.0.1 http://www.flashdollars.com
.........................
127.0.0.1 fvirgilio.it
127.0.0.1 http://www.fwrrari.it
127.0.0.1 fwrrari.it
127.0.0.1 http://www.fzisufuf.con
127.0.0.1 fzisufuf.con
127.0.0.1 http://www.g0oogle.it
127.0.0.1 g0oogle.it
127.0.0.1 http://www.g1ikddcvns3sdsal.info
127.0.0.1 g1ikddcvns3sdsal.info
127.0.0.1 http://www.g4ljw.info
127.0.0.1 g4ljw.info
127.0.0.1 http://www.g9oogle.it
127.0.0.1 g9oogle.it
127.0.0.1 ga31.com
127.0.0.1 http://www.gaazzetta.it
127.0.0.1 gaazzetta.it
127.0.0.1 http://www.gablist.net
127.0.0.1 gablist.net
127.0.0.1 http://www.gabopia.net
127.0.0.1 gabopia.net
127.0.0.1 gabrielscott.com
127.0.0.1 http://www.gad-network.com
127.0.0.1 gad-network.com
127.0.0.1 galleries.secure-softwaremanager.com
127.0.0.1 http://www.galleriesforporn.com
127.0.0.1 galleriesforporn.com
127.0.0.1 http://www.galleryclick.net
127.0.0.1 galleryclick.net
127.0.0.1 http://www.gallerypictures.net
127.0.0.1 gallerypictures.net
127.0.0.1 http://www.gallsforporn.com
127.0.0.1 gallsforporn.com
127.0.0.1 http://www.galoretry.ru
127.0.0.1 galoretry.ru
127.0.0.1 galpostgirls.com
127.0.0.1 gals-for-free.com
127.0.0.1 gambling-online4you.com
127.0.0.1 http://www.gamblingredvegas.net
127.0.0.1 gamblingredvegas.net
127.0.0.1 http://www.game21gold.net
127.0.0.1 game21gold.net
127.0.0.1 http://www.game4all.biz
127.0.0.1 game4all.biz
127.0.0.1 game-amazing.net
127.0.0.1 http://www.game-amazing.net
127.0.0.1 http://www.gamebonus.net
127.0.0.1 gamebonus.net
127.0.0.1 gamecasinoline.net
127.0.0.1 http://www.gamecasinoline.net
127.0.0.1 game-cheerful.net
127.0.0.1 http://www.game-cheerful.net
127.0.0.1 gamecodec.com
....................
127.0.0.1 http://www.gbazzetta.it
127.0.0.1 gbazzetta.it
127.0.0.1 http://www.gboogle.it
127.0.0.1 gboogle.it
127.0.0.1 http://www.ge.net
127.0.0.1 ge.net
127.0.0.1 http://www.geburtstag-infos.de
127.0.0.1 geburtstag-infos.de
127.0.0.1 http://www.geburtstags-ideen.de
127.0.0.1 geburtstags-ideen.de
127.0.0.1 http://www.geburtstags-info.de
127.0.0.1 geburtstags-info.de
127.0.0.1 geburtstags-infos.de
127.0.0.1 http://www.geburtstags-infos.de
127.0.0.1 gedichte.de
127.0.0.1 http://www.gedichte.de
127.0.0.1 gedichte-heute.com
127.0.0.1 http://www.gedichte-heute.com
127.0.0.1 gedichteoma.com
127.0.0.1 http://www.gedichteoma.com
127.0.0.1 gedichteonkel.com
127.0.0.1 http://www.gedichteonkel.com
127.0.0.1 gedichte-server.com
127.0.0.1 http://www.gedichte-server.com
127.0.0.1 http://www.gedichteservice.com
127.0.0.1 gedichteservice.com
127.0.0.1 gedichte-www.de
127.0.0.1 http://www.gedichte-www.de
127.0.0.1 http://www.gehalt-berechnung.de
127.0.0.1 gehalt-berechnung.de
127.0.0.1 gehaltsberater.de
127.0.0.1 http://www.gehaltsberater.de
127.0.0.1 gehaltsrechner.de
127.0.0.1 http://www.gehaltsrechner.de
127.0.0.1 gehalts-rechner.de
127.0.0.1 http://www.gehalts-rechner.de
127.0.0.1 gehaltsrechner-heute.com
127.0.0.1 http://www.gehaltsrechner-heute.com
127.0.0.1 http://www.geil-de.info
127.0.0.1 geil-de.info
127.0.0.1 http://www.genealogie.de
127.0.0.1 genealogie.de
127.0.0.1 generalantivirus.com
127.0.0.1 http://www.generalantivirus.com
127.0.0.1 general-antivirus.com
127.0.0.1 http://www.general-antivirus.com
127.0.0.1 generalsmeltingofcanada.com
127.0.0.1 http://www.generateskey.com
127.0.0.1 generateskey.com
127.0.0.1 http://www.genlogie.com
127.0.0.1 genlogie.com
127.0.0.1 http://www.gensoftdownload.com
127.0.0.1 gensoftdownload.com
127.0.0.1 http://www.gentletrack.net
127.0.0.1 gentletrack.net
127.0.0.1 http://www.geo-fort.ru
127.0.0.1 geo-fort.ru
127.0.0.1 germany.rub.to
127.0.0.1 http://www.germanys-best-topmodel.de
127.0.0.1 germanys-best-topmodel.de
127.0.0.1 http://www.gerrari.it
127.0.0.1 gerrari.it
127.0.0.1 get.adwarebazooka.com
127.0.0.1 get.hitvirus.com
127.0.0.1 http://www.getalltogo.com
127.0.0.1 getalltogo.com
127.0.0.1 http://www.getantivirusplusnow.com
127.0.0.1 getantivirusplusnow.com
127.0.0.1 http://www.getanysoftware.com
127.0.0.1 getanysoftware.com
127.0.0.1 getappnow.avadvance.hop.clickbank.net
127.0.0.1 http://www.getavideonow.com
127.0.0.1 getavideonow.com
127.0.0.1 http://www.getavplusnow.com
127.0.0.1 getavplusnow.com
127.0.0.1 http://www.getbestloanrate.info
127.0.0.1 getbestloanrate.info
127.0.0.1 http://www.getdailyimages.com
127.0.0.1 getdailyimages.com
127.0.0.1 getdvdshrink2007.com
127.0.0.1 http://www.getdvdshrink2007.com
127.0.0.1 geteens.com
127.0.0.1 getfound.com
127.0.0.1 http://www.getfound.com
127.0.0.1 http://www.getfreepornvideo.com
127.0.0.1 getfreepornvideo.com
127.0.0.1 http://www.getimageactivex.com
127.0.0.1 getimageactivex.com
127.0.0.1 get-ipod-music.com
127.0.0.1 http://www.get-ipod-music.com
127.0.0.1 get-i-tunes.com
127.0.0.1 http://www.get-i-tunes.com
127.0.0.1 getmirar.com
127.0.0.1 http://www.get-mp3-onlined.com
127.0.0.1 get-mp3-onlined.com
127.0.0.1 getpatytoday.info
127.0.0.1 http://www.getpatytoday.info
127.0.0.1 http://www.getpcmusic.com
127.0.0.1 getpcmusic.com
127.0.0.1 getpharmacymedicine.net
127.0.0.1 http://www.getpharmacymedicine.net
127.0.0.1 http://www.getphotosets.com
127.0.0.1 getphotosets.com
127.0.0.1 getpicshere.com
127.0.0.1 getpornmag.com
127.0.0.1 http://www.getpornmag.com
127.0.0.1 getpornvideoz.com
127.0.0.1 http://www.getpornvideoz.com
127.0.0.1 get-realplayer.com
127.0.0.1 http://www.get-realplayer.com
.........................
127.0.0.1 gzzetta.it
127.0.0.1 h24413.tfil.com
127.0.0.1 http://www.h9porn.info
127.0.0.1 h9porn.info
127.0.0.1 http://www.hachimitsu-lemon.com
127.0.0.1 hachimitsu-lemon.com
127.0.0.1 http://www.hacker.com.con
127.0.0.1 hacker.com.con
127.0.0.1 hadesunharuikeya.com
127.0.0.1 http://www.hagporn.info
127.0.0.1 hagporn.info
127.0.0.1 hallnetaccolade.com
127.0.0.1 hallplayd.by.ru
127.0.0.1 http://www.hallplayd.by.ru
127.0.0.1 http://www.handal.de
127.0.0.1 handal.de
127.0.0.1 hand-book.com
127.0.0.1 http://www.handy-gewinner.com
127.0.0.1 handy-gewinner.com
127.0.0.1 http://www.handyimporte.net
127.0.0.1 handyimporte.net
127.0.0.1 http://www.hanefxp.con
127.0.0.1 hanefxp.con
127.0.0.1 happyanal.com
127.0.0.1 happy-dice.net
127.0.0.1 http://www.happy-dice.net
127.0.0.1 happykids4ever.net
127.0.0.1 http://www.happykids4ever.net
127.0.0.1 http://www.haquqmt.con
127.0.0.1 haquqmt.con
127.0.0.1 hardbodytgp.com
127.0.0.1 hard-cash-win.net
127.0.0.1 http://www.hard-cash-win.net
127.0.0.1 http://www.hardcorefantasyland.com
127.0.0.1 hardcorefantasyland.com
127.0.0.1 hardcoreover.com
127.0.0.1 http://www.hardcorepornmag.com
127.0.0.1 hardcorepornmag.com
127.0.0.1 http://www.hardcorevideosite.com
127.0.0.1 hardcorevideosite.com
127.0.0.1 http://www.harddrevvagt.com
127.0.0.1 harddrevvagt.com
127.0.0.1 http://www.hardfootballbabes.com
127.0.0.1 hardfootballbabes.com
127.0.0.1 hard-gals.com
127.0.0.1 hardloved.com
..........................................
127.0.0.1 tattoo-heute.com
127.0.0.1 http://www.tattoo-heute.com
127.0.0.1 http://www.tattoo-motive2008.de
127.0.0.1 tattoo-motive2008.de
127.0.0.1 tattoo-paradies.de
127.0.0.1 http://www.tattoo-paradies.de
127.0.0.1 http://www.tattoos-archiv.com
127.0.0.1 tattoos-archiv.com
127.0.0.1 http://www.tattoos-datenbank.com
127.0.0.1 tattoos-datenbank.com
127.0.0.1 http://www.tattoos-downloaden.com
127.0.0.1 tattoos-downloaden.com
127.0.0.1 tattoo-server.com
127.0.0.1 http://www.tattoo-server.com
127.0.0.1 http://www.tattoos-paradies.de
127.0.0.1 tattoos-paradies.de
127.0.0.1 tattoos-sammlung.de
127.0.0.1 http://www.tattoos-sammlung.de
127.0.0.1 tax-refund4you.com
127.0.0.1 tbafujos.con
127.0.0.1 http://www.tbafujos.con
127.0.0.1 tbcode.com
127.0.0.1 http://www.tbcode.com
127.0.0.1 tbvg.com
127.0.0.1 tcporn.info
127.0.0.1 http://www.tcporn.info
127.0.0.1 tdak.com
127.0.0.1 tdko.com
127.0.0.1 tdmy.com
127.0.0.1 teamwebplaying.net
127.0.0.1 http://www.teamwebplaying.net
127.0.0.1 tech-jobs.ws
127.0.0.1 technicalcontact.com
127.0.0.1 http://www.technicalcontact.com
127.0.0.1 technology-related.com
127.0.0.1 teen-biz.com
127.0.0.1 teenhost.net
127.0.0.1 http://www.teenmonster.com
127.0.0.1 teenmonster.com
127.0.0.1 teen-pic-post.com
127.0.0.1 teenpornosex.com
127.0.0.1 teens4free.net
127.0.0.1 teensact.com
127.0.0.1 teensexfans.com
127.0.0.1 http://www.teensexfans.com
127.0.0.1 teensgate.com
127.0.0.1 teensguru.com
127.0.0.1 teenspornmag.com
127.0.0.1 http://www.teenspornmag.com
127.0.0.1 teenswamp.com
127.0.0.1 tefs.com
127.0.0.1 tegivpp.con
127.0.0.1 http://www.tegivpp.con
127.0.0.1 telecharger-avast.com
127.0.0.1 http://www.telecharger-avast.com
127.0.0.1 telefongewinn.com
127.0.0.1 http://www.telefongewinn.com
127.0.0.1 http://www.temptationclips.com
127.0.0.1 temptationclips.com
127.0.0.1 tenbeauty.ru
127.0.0.1 http://www.tenbeauty.ru
127.0.0.1 tenderverb.ru
127.0.0.1 http://www.tenderverb.ru
127.0.0.1 tensex3.info
.....................
127.0.0.1 http://www.vegaseastcasino.com
127.0.0.1 vegaseastcasino.com
127.0.0.1 vegas-free.com
127.0.0.1 vegaslandplay.net
127.0.0.1 http://www.vegaslandplay.net
127.0.0.1 vegaslinecasino.net
127.0.0.1 http://www.vegaslinecasino.net
127.0.0.1 vegasplaylife.net
127.0.0.1 http://www.vegasplaylife.net
127.0.0.1 http://www.vegasplayworld.com
127.0.0.1 vegasplayworld.com
127.0.0.1 vegasscasinostars.ru
127.0.0.1 http://www.vegasscasinostars.ru
127.0.0.1 vegbuy.com
127.0.0.1 veligos.con
127.0.0.1 http://www.veligos.con
127.0.0.1 veloventures.com
127.0.0.1 veporn.info
127.0.0.1 http://www.veporn.info
127.0.0.1 verkaufen.wegvonviren.com
127.0.0.1 verkehrsprofi.com
127.0.0.1 http://www.verkehrsprofi.com
127.0.0.1 vertionkinhunfenrunhasde.com
127.0.0.1 http://www.vertionkinhunfenrunhasde.com
127.0.0.1 verwandschafts-test.de
127.0.0.1 http://www.verwandschafts-test.de
127.0.0.1 veryeasysearch.com
127.0.0.1 verzila.com
127.0.0.1 vesbiz.biz
127.0.0.1 veyyhlucwa.net
127.0.0.1 http://www.veyyhlucwa.net
127.0.0.1 http://www.vfetovoh.con
127.0.0.1 vfetovoh.con
127.0.0.1 vfirgilio.it
127.0.0.1 http://www.vfirgilio.it
127.0.0.1 vgazzetta.it
127.0.0.1 http://www.vgazzetta.it
127.0.0.1 vgirgilio.it
127.0.0.1 http://www.vgirgilio.it
127.0.0.1 vgoogle.it
127.0.0.1 http://www.vgoogle.it
127.0.0.1 http://www.vi4gilio.it
127.0.0.1 vi4gilio.it
127.0.0.1 vi4rgilio.it
127.0.0.1 http://www.vi4rgilio.it
127.0.0.1 http://www.vi5gilio.it
127.0.0.1 vi5gilio.it
127.0.0.1 vi5rgilio.it
............................
127.0.0.1 xrecekap.con
127.0.0.1 http://www.xrecekap.con
127.0.0.1 xrenoder.com
127.0.0.1 http://www.xrenoder.com
127.0.0.1 xrenosearch.com
127.0.0.1 xrensmagpost.com
127.0.0.1 xrqigbnoc.shopmypharmacy.com
127.0.0.1 xsec.org
127.0.0.1 http://www.xsec.org
127.0.0.1 xsex.ws
127.0.0.1 xsfkqigt.ru
127.0.0.1 http://www.xsfkqigt.ru
127.0.0.1 xsporn.info
127.0.0.1 http://www.xsporn.info
127.0.0.1 http://www.xsremover.com
127.0.0.1 xsremover.com
127.0.0.1 xsuyomah.con
127.0.0.1 http://www.xsuyomah.con
127.0.0.1 xtipp.de
127.0.0.1 http://www.xtipp.de
127.0.0.1 xtosearch.biz
127.0.0.1 http://www.xtosearch.biz
127.0.0.1 xtragay.com
127.0.0.1 xtravideos.com
127.0.0.1 http://www.xtravideos.com
127.0.0.1 xtremesoftware-ltd.com
127.0.0.1 xu.pl
127.0.0.1 xu.xu.pl
127.0.0.1 xul93.pubdomainstr.com
127.0.0.1 xumuwew.con
127.0.0.1 http://www.xumuwew.con
127.0.0.1 xupiter.com
127.0.0.1 http://www.xupiter.com
127.0.0.1 xuvewvs.con
127.0.0.1 http://www.xuvewvs.con
127.0.0.1 xvaxebim.con
127.0.0.1 http://www.xvaxebim.con
127.0.0.1 xvgate.com
127.0.0.1 http://www.xvgate.com
127.0.0.1 http://www.xvidscollection.com
127.0.0.1 xvidscollection.com
127.0.0.1 xvsenterprise.com
127.0.0.1 http://www.xvsenterprise.com
127.0.0.1 x-webdesign.com
127.0.0.1 http://www.x-webdesign.com
127.0.0.1 http://www.xwebsearch.biz
127.0.0.1 xwebsearch.biz
127.0.0.1 xx.ka3ek.com
127.0.0.1 xx.sqlteam.info
127.0.0.1 xxbeeilm.ru.gg
127.0.0.1 http://www.xxlblog.info
127.0.0.1 xxlblog.info
127.0.0.1 http://www.xxokoriq.con
127.0.0.1 xxokoriq.con
127.0.0.1 xxxallvideo.com
127.0.0.1 http://www.xxxallvideo.com
127.0.0.1 xxxcategories.com
127.0.0.1 xxxemailxxx.com
127.0.0.1 xxxl-cash.net
127.0.0.1 http://www.xxxl-cash.net
127.0.0.1 xxxmovietour.com
127.0.0.1 http://www.xxxmovietour.com
127.0.0.1 xxxpornmovs.com
127.0.0.1 http://www.xxxpornmovs.com
127.0.0.1 xxxteenfilm.com
127.0.0.1 http://www.xxxteenfilm.com
127.0.0.1 xxx-testen.de
127.0.0.1 http://www.xxx-testen.de
127.0.0.1 xxxtoolbar.com
127.0.0.1 http://www.xxxzonevideo.com
127.0.0.1 xxxzonevideo.com
...............................
127.0.0.1 http://www.zvizuten.con
127.0.0.1 zvizuten.con
127.0.0.1 http://www.zxcsolution.com
127.0.0.1 zxcsolution.com
127.0.0.1 http://www.zxlinks.com
127.0.0.1 zxlinks.com
127.0.0.1 http://www.zxoqacar.con
127.0.0.1 zxoqacar.con
127.0.0.1 http://www.zxsex2.info
127.0.0.1 zxsex2.info
127.0.0.1 zyban-zocor-levitra.com
# This list is Copyright 2000-2008 Safer Networking Limited
# End of entries inserted by Spybot - Search & Destroy


e questo di 1 kb

# Copyright (c) 1993-1999 Microsoft Corp.
#
# Questo è un esempio di file HOSTS usato da Microsoft TCP/IP per Windows.
#
# Questo file contiene la mappatura degli indirizzi IP ai nomi host.
# Ogni voce dovrebbe occupare una singola riga. L'indirizzo IP dovrebbe
# trovarsi nella prima colonna seguito dal nome host corrispondente.
# L'indirizzo e il nome host dovrebbero essere separati da almeno uno spazio
# o punto di tabulazione.
#
# È inoltre possibile inserire commenti (come questi) nelle singole righe
# o dopo il nome del computer caratterizzato da un simbolo '#'.
#
# Per esempio:
#
# 102.54.94.97 rhino.acme.com # server origine
# 38.25.63.10 x.acme.com # client host x

127.0.0.1 localhost


così ho sostituito quello di 432 kb con questo di 1 kb
poi da ARC ho rilabciato il controllo... a questo punto ha fatto secondo lui la variazione.. ma a me sebra uguale.. comunque non ha trovato problemi a farlo..
poi ho rieseguito il ripristino dei servizi..
stessa operazione e ho riavviato il pc..
c'e' la bandierina e'0 bianca.. ma gia' ho visto che il servizio "centro di sicurezza .." e disabilitato...
se lo riavvio .. rimane qualche secondo e poi si dimette disabilitato...
QUINDI.. NON HO RISOLTO NULLA...
..
SPERO CHE DAVVERO QUALCUNO MI AIUTI.. NON SO' PIU COSA FARE...

CIAO E GRAZIE comunque...

Re: servizio centro sicurezza pc windows disabilitato

MessaggioInviato: gio apr 14, 2011 11:30 am
da manero478
per ripristinare i diritti ho trovato questo:
http://social.technet.microsoft.com/For ... d555c81fda

fatto tutto.. anche la parte del rifare la cartella SoftwareDistribution... ma non e' ancora cambiato nulla...

(altra cosa forse dovuta a qualcosa che nel frattempo ho toccato.. ogni volta che lancio un programma che potrebbe cambiare qualcosa..
si apre una finestrella che chiede l'autorizzazione)
e poi non so se gia' c'erano ma vedo nei menu a tendina del file manager molti scudetti "giallo7blu" per le autorizzazioni da amministratore..

PER FAVORE, PUO' QUALCUNO RISPONDERMI DI CHE MORTE DEVO MORIRE?..

GRAZIE...

servizio disabilitato - cheK log COMBOFIX

MessaggioInviato: lun apr 18, 2011 3:15 pm
da manero478
Vista la recensione di COBMOFIX sulla NEWSLETTERS di questa settimana...
l'ho eseguito per controllo...
vi allevo il log :

ComboFix 11-04-17.03 - Gilberto 18/04/2011 15:48:14.1.2 - x86
Eseguito da: c:\users\Gilberto\Downloads\ComboFix.exe
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\formatfactoryportable\FormatFactoryPortable.exe
C:\InfoSat.txt
c:\portablevirtualbox\PortableVirtualBox.exe
c:\users\Gilberto\AppData\Roaming\ImgBurn.exe
c:\users\Gilberto\AppData\Roaming\Local
c:\users\Gilberto\AppData\Roaming\Local\Temp\DDM\Settings\(2).ddr
c:\users\Gilberto\AppData\Roaming\Local\Temp\DDM\Settings\(3).ddr
c:\users\Gilberto\AppData\Roaming\Local\Temp\DDM\Settings\.ddr
c:\users\Gilberto\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\Gilberto\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
c:\users\Gilberto\AppData\Roaming\Local\Temp\DDM\Settings\2.ddi
c:\users\Gilberto\AppData\Roaming\Local\Temp\DDM\Settings\5.ddi
c:\users\Gilberto\AppData\Roaming\Local\Temp\DDM\Settings\Inception_Trailer_592.divx.ddr
c:\users\Gilberto\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Gilberto\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(10).ddp
c:\users\Gilberto\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(11).ddp
c:\users\Gilberto\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(12).ddp
c:\users\Gilberto\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(13).ddp
c:\users\Gilberto\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2)
c:\users\Gilberto\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2).ddp
c:\users\Gilberto\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(3)
c:\users\Gilberto\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(3).ddp
c:\users\Gilberto\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(4).ddp
c:\users\Gilberto\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(5).ddp
c:\users\Gilberto\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(6).ddp
c:\users\Gilberto\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(7).ddp
c:\users\Gilberto\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(8).ddp
c:\users\Gilberto\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(9).ddp
c:\users\Gilberto\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp
c:\users\Gilberto\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592.divx
c:\users\Gilberto\AppData\Roaming\Microsoft\~DFK3ca46.tmp
c:\users\Gilberto\AppData\Roaming\Microsoft\1eaadjc.dll
c:\users\Gilberto\AppData\Roaming\Microsoft\bass.dll
c:\users\Gilberto\AppData\Roaming\Microsoft\kfgresk.dll
c:\users\Gilberto\AppData\Roaming\Microsoft\mjcriu.dll
c:\users\Gilberto\AppData\Roaming\Microsoft\peaadje.dll
c:\users\Gilberto\AppData\Roaming\Microsoft\qwadjb.dll
c:\users\Gilberto\AppData\Roaming\Microsoft\rsaadjd.dll
c:\users\Gilberto\AppData\Roaming\OfferBox
c:\users\Gilberto\AppData\Roaming\OfferBox\config.dat
c:\users\Gilberto\AppData\Roaming\OfferBox\config.xml
c:\virtualdubmod\virtualdubmod.exe
c:\windows\system32\office.exe
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Creati Da 2011-03-18 al 2011-04-18 )))))))))))))))))))))))))))))))))))
.
.
2011-04-18 13:56 . 2011-04-18 13:56 -------- d-----w- c:\users\Gilberto\AppData\Local\temp
2011-04-18 13:56 . 2011-04-18 13:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-15 12:59 . 2011-04-15 12:59 -------- d-----w- c:\users\Gilberto\AppData\Local\{B4CF318C-9CD8-4782-A007-96C0F1366962}
2011-04-15 00:02 . 2011-04-15 00:02 -------- d-----w- c:\users\Gilberto\AppData\Roaming\KeePass
2011-04-14 14:20 . 2011-04-14 14:20 -------- d-----w- c:\users\Gilberto\AppData\Local\{77600C73-A7B0-47EA-864A-87B79CC654C9}
2011-04-13 23:17 . 2004-06-11 13:33 290304 ----a-w- c:\windows\system32\subinacl.exe
2011-04-13 23:09 . 2011-04-13 23:09 -------- d-----w- c:\program files\Windows Resource Kits
2011-04-13 20:41 . 2011-04-13 20:41 -------- d-----w- C:\AnalyzeProduct
2011-04-13 00:02 . 2011-04-14 23:24 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-04-13 00:02 . 2011-04-13 00:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-12 18:34 . 2011-04-12 18:35 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-12 13:18 . 2011-04-12 13:18 118784 --sha-r- c:\windows\system32\sdrsvca.dll
2011-04-08 23:37 . 2011-04-08 23:37 -------- d-----w- c:\users\Gilberto\AppData\Roaming\QuickScan
2011-04-08 23:15 . 2011-04-08 23:15 -------- d-----w- c:\users\Gilberto\AppData\Roaming\f-secure
2011-04-08 23:15 . 2011-04-08 23:15 -------- d-----w- c:\programdata\F-Secure
2011-04-08 10:25 . 2011-04-08 10:25 -------- d-----w- c:\users\Gilberto\AppData\Roaming\ParetoLogic
2011-04-08 10:25 . 2011-04-08 10:25 -------- d-----w- c:\users\Gilberto\AppData\Roaming\DriverCure
2011-04-08 10:25 . 2011-04-08 10:37 -------- d-----w- c:\programdata\ParetoLogic
2011-04-07 21:15 . 2011-04-07 21:15 -------- d-----w- c:\program files\CCleaner
2011-04-07 18:52 . 2011-04-07 18:52 -------- d-----w- c:\users\Gilberto\AppData\Roaming\Malwarebytes
2011-04-07 18:52 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-07 18:52 . 2011-04-07 18:52 -------- d-----w- c:\programdata\Malwarebytes
2011-04-07 18:52 . 2011-04-09 00:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-07 18:52 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-07 00:21 . 2011-04-07 00:28 98304 ----a-w- c:\windows\Secure.dll
2011-04-06 23:26 . 2011-04-06 23:26 -------- d-----w- c:\users\Gilberto\AppData\Local\{8F8000AF-002A-4666-852C-6AACB59E3F19}
2011-04-06 21:11 . 2011-04-06 21:13 -------- d-----w- c:\program files\Protect Folder Plus
2011-04-04 11:31 . 2011-04-04 23:32 -------- d-----w- c:\users\Gilberto\AppData\Local\{A51DC558-8100-4EAC-8F26-519C0D102A53}
2011-04-01 20:51 . 2011-04-01 20:52 -------- d-----w- C:\GDPoker
2011-03-26 23:26 . 2011-03-26 23:26 -------- d-----w- c:\program files\Smart Projects
2011-03-26 15:18 . 2011-03-26 15:18 -------- d-----w- c:\program files\Auslogics
2011-03-25 11:42 . 2011-03-21 13:58 152064 ----a-w- c:\windows\system32\xvid.ax
2011-03-25 11:42 . 2011-03-19 15:04 650752 ----a-w- c:\windows\system32\xvidcore.dll
2011-03-25 11:41 . 2011-03-19 15:06 240640 ----a-w- c:\windows\system32\xvidvfw.dll
2011-03-25 11:41 . 2011-03-25 11:41 -------- d-----w- c:\users\Gilberto\.bitrock
2011-03-24 14:32 . 2011-03-24 14:33 -------- d-----w- c:\program files\Portrait Professional Studio 9
2011-03-24 13:42 . 2011-03-24 13:42 -------- d-----w- c:\users\Gilberto\AppData\Roaming\Anthropics
2011-03-23 13:11 . 2011-03-23 13:11 -------- d-----w- c:\users\Gilberto\AppData\Local\{553B97A2-ABCC-4FAA-A3EF-78A79B1F8659}
2011-03-19 15:41 . 2011-03-19 15:45 -------- d-----w- c:\program files\MIDIRenderer
2011-03-19 14:56 . 2011-03-19 14:58 -------- d-----w- C:\temp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-31 13:49 . 2011-01-20 23:03 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-15 15:19 . 2011-03-15 15:19 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-03-15 15:19 . 2011-03-15 15:19 161792 ----a-w- c:\windows\system32\msls31.dll
2011-03-15 15:19 . 2011-03-15 15:19 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-03-15 15:19 . 2011-03-15 15:19 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-03-15 15:19 . 2011-03-15 15:19 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-03-15 15:19 . 2011-03-15 15:19 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-03-15 15:19 . 2011-03-15 15:19 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-03-15 15:19 . 2011-03-15 15:19 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-03-15 15:19 . 2011-03-15 15:19 367104 ----a-w- c:\windows\system32\html.iec
2011-03-15 15:19 . 2011-03-15 15:19 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-03-15 15:19 . 2011-03-15 15:19 152064 ----a-w- c:\windows\system32\wextract.exe
2011-03-15 15:19 . 2011-03-15 15:19 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-03-15 15:19 . 2011-03-15 15:19 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-03-15 15:19 . 2011-03-15 15:19 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-03-15 15:19 . 2011-03-15 15:19 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-15 15:19 . 2011-03-15 15:19 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-03-15 15:19 . 2011-03-15 15:19 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-03-15 15:19 . 2011-03-15 15:19 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-03-15 15:19 . 2011-03-15 15:19 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-03-15 15:19 . 2011-03-15 15:19 11776 ----a-w- c:\windows\system32\mshta.exe
2011-03-15 15:19 . 2011-03-15 15:19 101888 ----a-w- c:\windows\system32\admparse.dll
2011-03-12 00:59 . 2011-03-11 22:10 673546 ----a-w- c:\windows\unins000.exe
2011-03-12 00:49 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-01 11:26 . 2011-03-01 11:27 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-24 09:56 . 2011-02-24 09:55 441064 ----a-w- c:\windows\Gd2x0401.zip
2011-02-23 15:50 . 2011-03-18 13:54 16184 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2011-02-23 15:50 . 2011-03-18 13:54 29008 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2011-02-23 11:01 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-02-13 00:09 . 2011-02-13 00:09 253952 ------w- c:\windows\Setup1.exe
2011-02-13 00:09 . 2011-02-13 00:09 74752 ----a-w- c:\windows\ST6UNST.EXE
2011-02-11 12:53 . 2011-02-11 12:53 69632 ----a-w- c:\windows\system32\realbap1.dll
2011-02-11 12:53 . 2011-02-11 12:53 45568 ----a-w- c:\windows\system32\realbsf1.dll
2011-02-11 00:30 . 2011-02-11 00:30 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2011-02-11 00:05 . 2011-02-03 17:28 81920 ----a-w- c:\users\Gilberto\AppData\Roaming\ezpinst.exe
2011-02-11 00:05 . 2011-02-03 17:28 47360 ----a-w- c:\users\Gilberto\AppData\Roaming\pcouffin.sys
2011-02-05 18:52 . 2011-01-26 13:54 7760687 ----a-w- c:\users\Gilberto\AppData\Roaming\SetupGFD.exe
2011-02-05 18:51 . 2011-01-26 13:54 5243208 ----a-w- c:\users\Gilberto\AppData\Roaming\AvsP.exe
2011-02-05 18:51 . 2011-01-26 13:53 4284535 ----a-w- c:\users\Gilberto\AppData\Roaming\ffdshow.exe
2011-02-05 18:50 . 2011-01-26 13:53 642685 ----a-w- c:\users\Gilberto\AppData\Roaming\xvid.exe
2011-02-05 18:50 . 2011-01-26 13:53 4182178 ----a-w- c:\users\Gilberto\AppData\Roaming\Avisynth.exe
2011-02-04 12:49 . 2011-03-12 13:03 17712 ----a-w- c:\windows\system32\nitrolocalui.dll
2011-02-04 12:49 . 2011-03-12 13:03 26416 ----a-w- c:\windows\system32\nitrolocalmon.dll
2011-02-03 17:28 . 2011-02-03 17:28 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2011-02-03 05:54 . 2011-02-09 13:10 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-01 11:25 . 2011-02-01 11:25 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2011-01-27 18:20 . 2011-01-27 18:20 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-01-27 18:20 . 2011-01-27 18:20 375616 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-01-21 18:51 . 2011-01-20 23:32 1251944 ----a-w- c:\windows\RtlExUpd.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-06 281768]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi2"=mapledxp.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15 63360 ----a-w- c:\program files\DivX\DivX Plus Web Player\DDMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-01-10 23:25 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax_RESTART]
2011-02-15 09:50 9224104 ----a-w- c:\program files\Innovative Solutions\DriverMax\devices.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]
2011-01-17 19:41 8192 ----a-w- c:\program files\Xvid\CheckUpdate.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Servizio di Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-20 136176]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-21 1343400]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 16184]
S1 mapledxp;mapledxp;c:\windows\System32\drivers\mapledxp.SYS [2004-04-05 24720]
S2 CFSDrv;CFSDrv;c:\program files\Protect Folder Plus\CFSDrv.sys [2005-06-16 10240]
S2 CFSService;CFSService;c:\program files\Protect Folder Plus\CFSSvc.exe [2005-06-16 179712]
S2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [2011-02-04 196912]
S2 PfFilter;PfFilter;c:\program files\IObit\Protected Folder\pffilter.sys [2011-03-16 32672]
S3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2005-05-11 1287296]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
S3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [2010-11-23 91728]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-04-18 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-03-03 15:50]
.
2011-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-14 22:40]
.
2011-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-14 22:40]
.
2011-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1093936880-3266294500-1679983877-1000Core.job
- c:\users\Gilberto\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-20 22:40]
.
2011-04-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1093936880-3266294500-1679983877-1000UA.job
- c:\users\Gilberto\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-20 22:40]
.
.
------- Scansione supplementare -------
.
uStart Page = about:blank
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: microsoft.com\update
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
WebBrowser-{37483B40-C254-4A72-BDA4-22EE90182C1E} - (no file)
WebBrowser-{90B49673-5506-483E-B92B-CA0265BD9CA8} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-Cmaudio - cmicnfg.cpl
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54,
07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{593DDEC6-7468-4CDD-90E1-42DADAA222E9}"=hex:51,66,7a,6c,4c,1d,38,12,a8,dd,2e,
5d,5a,3a,b3,09,ef,f7,01,9a,df,fc,66,fd
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec,
fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42
"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e,
51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:8e,04,fb,ce,73,e5,cb,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b2,83,5d,4e,ca,54,84,4f,92,7f,44,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b2,83,5d,4e,ca,54,84,4f,92,7f,44,\
.
[HKEY_USERS\S-1-5-21-1093936880-3266294500-1679983877-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0739A8BA-A3CA-1DDF-73F3-65D56926B178}*]
@Allowed: (Read) (RestrictedCode)
"oamjjnmncconoackeochpijadnfjac"=hex:64,61,6c,6c,6b,68,6d,6b,00,fc
"oailbhiankdoikaokjeipncnmogbdp"=hex:69,61,66,6d,6a,66,69,6a,70,6a,66,63,6f,66,
68,66,6d,66,00,00
"naclhcgddjoddjgihpjlgfdpldfi"=hex:69,61,66,6d,6a,66,66,6a,69,68,6f,70,6d,69,
69,66,6c,6e,00,00
"eaalbockbm"=hex:66,61,66,6a,6f,68,69,6a,6c,64,61,66,00,d8
"cajknb"=hex:6b,62,6b,6d,6d,6b,62,6e,69,61,62,62,63,61,62,64,68,67,65,70,67,63,
64,65,68,6e,61,6c,61,68,6f,63,67,70,65,61,63,66,6a,66,68,6f,68,6b,68,6d,70,\
.
[HKEY_USERS\S-1-5-21-1093936880-3266294500-1679983877-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5BF15D7E-E274-656A-87A5-6AB6E4242F93}*]
@Allowed: (Read) (RestrictedCode)
"oabhfmbolhpdmooongpjbgjoeenoko"=hex:6a,61,6b,62,70,6f,62,6c,64,68,6a,6c,6d,65,
64,6c,6d,6e,6c,6f,00,00
"nalkpokecbdfmhjmdjnhjmoiahga"=hex:6a,61,6b,62,70,6f,62,6c,64,68,6a,6c,6d,65,
64,6c,6d,6e,6c,6f,00,00
"eajkfjoaoj"=hex:66,61,65,66,65,62,6e,6d,61,64,70,61,00,01
"caihpc"=hex:65,63,63,62,65,6b,68,69,69,6b,6d,67,6b,69,61,68,68,6d,62,65,61,68,
6c,63,6f,6d,67,6e,6c,66,6d,66,64,65,6c,70,6f,66,66,6c,69,6d,6f,6e,6a,6c,66,\
"oafhpodmpfdnphnnmcoicfianohejl"=hex:64,61,6b,62,6f,6f,70,6c,00,fc
.
[HKEY_USERS\S-1-5-21-1093936880-3266294500-1679983877-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BE8707C6-2068-853A-FEBC-829BE8F93FB1}*]
@Allowed: (Read) (RestrictedCode)
"ialcedodmdloodnihd"=hex:6b,61,67,6a,67,6a,66,67,65,6d,6f,63,69,61,66,70,66,68,
62,67,67,68,00,00
"habeoeeipimkcofn"=hex:6b,61,67,6a,67,6a,66,67,65,6d,6f,63,69,61,66,70,66,68,
62,67,67,68,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2011-04-18 16:00:48
ComboFix-quarantined-files.txt 2011-04-18 14:00
.
Pre-Run: 192.838.893.568 byte disponibili
Post-Run: 192.780.533.760 byte disponibili
.
- - End Of File - - 487090262A4816BC0CAEBDC05B084323


Spero quacuno me lo possa controllare .. e dirmi se ha trovato qualcosa..
e se c'e' qualche altra operazione da fare..
grazie..
ciao